it could be a person filling in the form with spam information.
If you are using form builder and using Captcha validation, it will really only prevent an automated script for submitting the form, it wont prevent a person from filling in the form with spam information.
one thing you can do, is to set up a database to capture the form submission and the uses IP address using the Server REMOTE_ADDR, when a spam email comes though, you can look it up in the database and then set the server to restrict access to your site to that IP using an htaccess rule:
ip-address-restrictions-to-protect-directories-using-htaccess/